Last updated: 20 Aug 2025 Quick rule: Site-to-Site for networks; Client VPN for users. In both cases, scope routes, rotate secrets, log connections, and alarm on tunnel state. 1) Site-to-Site VPN guardrails Use both tunnels; alarm on TunnelState changes. DPD enabled; strong ciphers; rotate PSKs regularly (or use certificates). Route only required prefixes; propagate to … Read more
Use case: quick overlay between sites/devices. Keep membership tight, pin routes, and don’t bridge recklessly. 1) Install & join curl -s https://install.zerotier.com | sudo bash sudo zerotier-cli join <network-id> Authorise the member in the controller, assign a static managed IP. 2) Secure defaults Disable auto-bridge; don’t expose whole LANs by accident. Use managed routes to … Read more
Why Remote Access is Still the #1 Attack Vector Every penetration tester says the same: the quickest win is remote access. Misconfigured VPNs, exposed RDP, and weak SSH bastions give attackers exactly what they need. With hybrid work the default, clients can’t afford sloppy access models. VPN Best Practices Use modern protocols: OpenVPN or WireGuard; … Read more
When non-IT people hear the term “VPN” they tend to think of a commercial service where for a monthly subscription you can connect your computer internet connection and surf the Web anonymously by passing your Internet traffic through a “VPN server” run by the VPN service provider. This is one usage for a VPN – … Read more
The following is a copyright-free (creative-commons) released post by someone explaining why you should never use a VPN if you want security. Most average computer and internet users are unaware of the facts mentioned in this post. I thought this post expresses the realities about VPNs succintly and clearly, and so I decided to reproduce … Read more
